Bug 233173 - security/openssl111: fails to stage if PREFIX != LOCALBASE
Summary: security/openssl111: fails to stage if PREFIX != LOCALBASE
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Bernard Spil
URL:
Keywords: needs-patch
Depends on:
Blocks:
 
Reported: 2018-11-12 17:06 UTC by John Hein
Modified: 2018-11-21 13:58 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (brnrd)


Attachments
[patch] update security/openssl111 to build with non-default PREFIX (388 bytes, patch)
2018-11-12 17:36 UTC, John Hein
brnrd: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description John Hein 2018-11-12 17:06:13 UTC

    
Comment 1 John Hein 2018-11-12 17:36:08 UTC
Created attachment 199180 [details]
[patch] update security/openssl111 to build with non-default PREFIX

If you build openssl111 with PREFIX=/foo, it fails during 'make stage'.
Comment 2 John Hein 2018-11-12 18:19:54 UTC
Comment on attachment 199180 [details]
[patch] update security/openssl111 to build with non-default PREFIX

The patch builds ok in poudriere testport.
No new portlint warnings.
Comment 3 Bernard Spil freebsd_committer 2018-11-12 20:26:25 UTC
Comment on attachment 199180 [details]
[patch] update security/openssl111 to build with non-default PREFIX

Hi John,

Thanks for bringing this up! This is indeed an issue in the current port. I have it queued to be added on the next commit.

Cheers, Bernard.
Comment 4 commit-hook freebsd_committer 2018-11-20 17:52:07 UTC
A commit references this bug:

Author: brnrd
Date: Tue Nov 20 17:51:35 UTC 2018
New revision: 485451
URL: https://svnweb.freebsd.org/changeset/ports/485451

Log:
  security/openssl111: Update to 1.1.1a

   - Fix prefix [1]

  PR:		233173 [1]
  Submitted by:	John Hein <z7dr6ut7gs snkmail com> [1]

Changes:
  head/security/openssl111/Makefile
  head/security/openssl111/distinfo
  head/security/openssl111/files/patch-CVE-2018-0734
  head/security/openssl111/files/patch-CVE-2018-0735
  head/security/openssl111/pkg-plist
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2018-11-21 03:42:29 UTC
ports r485451 introduced [1] a backward moving DISTVERSION:

# pkg version -t 1.1.1 1.1.1.a
# >

Apart from the version moving backward, and the change required to fix it (PORTEPOCH?), it also currently results in the openssl111 port being incorrectly described as vulnerable (via portaudit):

# ===>  openssl111-1.1.1.a has known vulnerabilities:
# openssl111-1.1.1.a is vulnerable:
# OpenSSL -- Multiple vulnerabilities in 1.1 branch
# CVE: CVE-2018-0734
# CVE: CVE-2018-0735
# WWW: https://vuxml.FreeBSD.org/freebsd/238ae7de-dba2-11e8-b713-b499baebfeaf.html

The vuxml entry for openssl11 uses "< 1.1.1_2" as the version specifier, which is also greater than the current DISTVERSION:

# pkg version -t 1.1.1_2 1.1.1.a
# >

The VuXML entry may need updating once the DISTVERSION issue is resolved.

[1] https://lists.freebsd.org/pipermail/svn-ports-all/2018-November/199899.html
Comment 6 Tobias Kortkamp freebsd_committer 2018-11-21 04:28:18 UTC
(In reply to Kubilay Kocak from comment #5)
A PORTEPOCH bump is not the best solution here (though certainly it would
solve it too).  Both of the problems can be solved by just changing
DISTVERSION back to PORTVERSION.
Comment 7 Tobias Kortkamp freebsd_committer 2018-11-21 13:58:18 UTC
(In reply to Tobias Kortkamp from comment #6)
Problem was fixed in ports r485516.